missed the check if /etc/bdisk/build.ini is specified

.gitignore

@@ -5,7 +5,7 @@
 *.bak
 
 # These are user-controlled.
-#/overlay/*
+/overlay
 !/overlay/x86_64
 !/overlay/i686
 !/overlay/etc/
@@ -35,7 +35,6 @@
 **/etc/systemd/system/multi-user.target.wants/openvpn@*
 **/etc/ssh
 **/home
-**/root
 **ssl/
 !**ssl/.keepme
 !**ssl/openssl.cnf

bdisk/bGPG.py

@@ -12,8 +12,15 @@ def genGPG(conf):
     dlpath = build['dlpath']
     bdisk = conf['bdisk']
     gpghome = conf['gpg']['mygpghome']
-    distkey = build['gpgkey']
-    gpgkeyserver = build['gpgkeyserver']
+    distkeys = []
+    gpgkeyserver = []
+    for a in conf['build']['arch']:
+        keysrv = conf['src'][a]['gpgkeyserver']
+        distkey = conf['src'][a]['gpgkey']
+        if keysrv and (keysrv not in gpgkeyserver):
+            gpgkeyserver.append(keysrv)
+        if distkey and(distkey not in distkeys):
+            distkeys.append(distkey)
     templates_dir = '{0}/extra/templates'.format(build['basedir'])
     mykey = False
     pkeys = []
@@ -28,19 +35,21 @@ def genGPG(conf):
         if gpghome == '':
             # We'll generate a key if we can't find one here.
             gpghome = build['dlpath'] + '/.gnupg'
+    killStaleAgent(conf)
     os.environ['GNUPGHOME'] = gpghome
     gpg = gpgme.Context()
     # do we need to add a keyserver?
-    if gpgkeyserver != '':
+    if len(gpgkeyserver) != 0:
         dirmgr = '{0}/dirmngr.conf'.format(gpghome)
+        for s in gpgkeyserver:
             if os.path.isfile(dirmgr):
                 with open(dirmgr, 'r+') as f:
-                findme = any(gpgkeyserver in line for line in f)
+                    findme = any(s in line for line in f)
                     if not findme:
                         f.seek(0, os.SEEK_END)
                         f.write("\n# Added by {0}.\nkeyserver {1}\n".format(
                                                             bdisk['pname'],
-                                                        gpgkeyserver))
+                                                            s))
     if mykey:
         try:
             privkey = gpg.get_key(mykey, True)
@@ -62,25 +71,22 @@ def genGPG(conf):
             privkey = gpg.get_key(gpg.genkey(tpl_out).fpr, True)
             pkeys.append(privkey)
             # do we need to add a keyserver? this is for the freshly-generated GNUPGHOME
-            if build['gpgkeyserver'] != '':
+            if len(gpgkeyserver) != 0:
                 dirmgr = '{0}/dirmngr.conf'.format(gpghome)
+                for s in gpgkeyserver:
                     with open(dirmgr, 'r+') as f:
-                    findme = any(gpgkeyserver in line for line in f)
+                        findme = any(s in line for line in f)
                         if not findme:
                             f.seek(0, os.SEEK_END)
                             f.write("\n# Added by {0}.\nkeyserver {1}\n".format(
                                                                 bdisk['pname'],
-                                                            build['gpgkeyserver']))
+                                                                s))
     gpg.signers = pkeys
     # Now we try to find and add the key for the base image.
     gpg.keylist_mode = gpgme.KEYLIST_MODE_EXTERN  # remote (keyserver)
-    if distkey: # testing
-    #try:
-        key = gpg.get_key(distkey)
-    #except:
-    #    exit('{0}: ERROR: We cannot find key ID {1}!'.format(
-    #                                datetime.datetime.now(),
-    #                                distkey))
+    if len(distkeys) > 0: # testing
+        for k in distkeys:
+            key = gpg.get_key(k)
             importkey = key.subkeys[0].fpr
             gpg.keylist_mode = gpgme.KEYLIST_MODE_LOCAL # local keyring (default)
             DEVNULL = open(os.devnull, 'w')
@@ -94,8 +100,8 @@ def genGPG(conf):
                     '0x{0}'.format(importkey)]
             subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
             sigkeys = []
-    for k in gpg.get_key(importkey).subkeys:
-        sigkeys.append(k.fpr)
+            for i in gpg.get_key(importkey).subkeys:
+                sigkeys.append(i.fpr)
             cmd = ['/usr/bin/gpg',
                     '--batch',
                     '--yes',
@@ -111,13 +117,13 @@ def killStaleAgent(conf):
     # Kill off any stale GPG agents running.
     # Probably not even needed, but good to have.
     chrootdir = conf['build']['chrootdir']
-    dlpath = conf['build']['dlpath']
+    gpgpath = conf['gpg']['mygpghome']
     procs = psutil.process_iter()
     plst = []
     for p in procs:
         if (p.name() in ('gpg-agent', 'dirmngr') and p.uids()[0] == os.getuid()):
             pd = psutil.Process(p.pid).as_dict()
-            for d in (chrootdir, dlpath):
+            for d in (chrootdir, gpgpath):
                 if pd['cwd'].startswith('{0}'.format(d)):
                     plst.append(p.pid)
     if len(plst) >= 1:
@@ -125,7 +131,7 @@ def killStaleAgent(conf):
             psutil.Process(p).terminate()
 
 def signIMG(path, conf):
-    if conf['build']['gpg']:
+    if conf['build']['sign']:
         # Do we want to kill off any stale gpg-agents? (So we spawn a new one)
         # Requires further testing.
         #killStaleAgent()

bdisk/bchroot.py

@@ -138,11 +138,12 @@ def chrootTrim(build):
                                                         humanize.naturalsize(
                                                             os.path.getsize(tarball)),
                                                         dbdir))
-        for d in ('etc/pacman.d/gnupg', 'var/empty/.gnupg'):
-            if os.path.isdir('{0}/root.{1}/{2}'.format(chrootdir, a, d)):
-                shutil.rmtree('{0}/root.{1}/{2}'.format(chrootdir, a, d))
+        #for d in ('etc/pacman.d/gnupg', 'var/empty/.gnupg'):  # actually, we should probably keep these.
+        # they don't take much space, and it's a PITA to pacman-key --init && pacman-key --populate again on boot.
+        #    if os.path.isdir('{0}/root.{1}/{2}'.format(chrootdir, a, d)):
+        #        shutil.rmtree('{0}/root.{1}/{2}'.format(chrootdir, a, d))
         # TODO: move the self-cleanup in pre-build.sh to here.
-        delme = ['/root/.gnupg',
+        delme = [#'/root/.gnupg',  # see above
                 '/root/.bash_history',
                 #'/var/log/chroot_install.log',  # disable for now. maybe always disable if debug is enabled? TODO.
                 '/.git',

bdisk/bdisk.py

@@ -8,12 +8,15 @@ import bSSL
 import ipxe
 import bsync
 import bGPG
+import os
 
 # we need to:
 # we also need to figure out how to implement "mentos" (old bdisk) like functionality, letting us reuse an existing chroot install if possible to save time for future builds.
 #   if not, though, it's no big deal.
 # still on the todo: iPXE
 if __name__ == '__main__':
+    if os.getuid() != 0:
+        exit('{0}: ERROR: BDisk *must* be run as the root user or with sudo!'.format(datetime.datetime.now()))
     print('{0}: Starting.'.format(datetime.datetime.now()))
     conf = host.parseConfig(host.getConfig())[1]
     prep.dirChk(conf)

bdisk/host.py

@@ -24,10 +24,13 @@ def getHostname():
     hostname = platform.node()
     return(hostname)
 
-def getConfig(conf_file='/etc/bdisk/build.ini'):
+def getConfig(conf_file = '/etc/bdisk/build.ini'):
     conf = False
     # define some defailt conf paths in case we're installed by
     # a package manager. in order of the paths we should search.
+    currentdir = os.path.dirname(os.path.realpath(__file__))
+    currentdir_user = os.path.abspath('{0}/../build.ini'.format(currentdir))
+    currentdir_def = os.path.abspath('{0}/../extra/dist.build.ini'.format(currentdir))
     default_conf_paths = ['/etc/bdisk/build.ini',
                         '/usr/share/bdisk/build.ini',
                         '/usr/share/bdisk/extra/build.ini',
@@ -36,7 +39,8 @@ def getConfig(conf_file='/etc/bdisk/build.ini'):
                         '/usr/local/share/docs/bdisk/build.ini',
                         '/opt/dev/bdisk/build.ini',
                         '/opt/dev/bdisk/extra/build.ini',
-                        '/opt/dev/bdisk/extra/dist.build.ini']
+                        '/opt/dev/bdisk/extra/dist.build.ini',
+                        currentdir_user]
         # if we weren't given one/using the default...
     if conf_file == '/etc/bdisk/build.ini':
         if not os.path.isfile(conf_file):
@@ -46,7 +50,9 @@ def getConfig(conf_file='/etc/bdisk/build.ini'):
                     break
         else:
             conf = conf_file
-    defconf = '{0}/../extra/dist.build.ini'.format(os.path.dirname(os.path.realpath(__file__)))
+    else:
+        conf = conf_file
+    defconf = os.path.abspath('{0}/../extra/dist.build.ini'.format(os.path.dirname(os.path.realpath(__file__))))
     if not conf:
         # okay, so let's check for distributed/"blank" ini's
         # since we can't seem to find one.
@@ -68,9 +74,9 @@ def parseConfig(confs):
     config_dict = {s:dict(config.items(s)) for s in config.sections()}
     # Convert the booleans to pythonic booleans in the dict...
     config_dict['bdisk']['user'] = config['bdisk'].getboolean('user')
-    config_dict['build']['gpg'] = config['build'].getboolean('gpg')
     config_dict['build']['i_am_a_racecar'] = config['build'].getboolean('i_am_a_racecar')
     config_dict['build']['ipxe'] = config['build'].getboolean('ipxe')
+    config_dict['build']['sign'] = config['build'].getboolean('sign')
     config_dict['build']['multiarch'] = (config_dict['build']['multiarch']).lower()
     config_dict['ipxe']['iso'] = config['ipxe'].getboolean('iso')
     config_dict['ipxe']['usb'] = config['ipxe'].getboolean('usb')
@@ -91,12 +97,17 @@ def parseConfig(confs):
     # commits on top of a new tagged release). e.g. for build Y:
     # v#.##-Y or v#.##rX-Y
     if config_dict['bdisk']['ver'] == '':
+        try:
             repo = git.Repo(config_dict['build']['basedir'])
             refs = repo.git.describe(repo.head.commit).split('-')
             if len(refs) >= 2:
                 config_dict['bdisk']['ver'] = refs[0] + 'r' + refs[1]
             else:
                 config_dict['bdisk']['ver'] = refs[0]
+        except:
+            exit(('{0}: ERROR: {1} is NOT a valid git repository, and you did not specify bdisk:ver in your build.ini! ' +
+                  'Did you perhaps install from a package manager? Please refer to the documentation.').format(datetime.datetime.now(),
+                                                                                                               config_dict['build']['basedir']))
     # And the build number.
     # TODO: support tracking builds per version. i.e. in buildnum:
     # v2.51r13:0
@@ -126,16 +137,20 @@ def parseConfig(confs):
                                         config_dict['build']['multiarch']))
     ## VALIDATORS ##
     # Validate bootstrap mirror
-    if (validators.domain(config_dict['build']['mirror']) or validators.ipv4(
-                                config_dict['build']['mirror']) or validatords.ipv6(
-                                config_dict['build']['mirror'])):
+    config_dict['src'] = {}
+    for a in config_dict['build']['arch']:
+        config_dict['src'][a] = config_dict['source_' + a]
+        if (validators.domain(config_dict['src'][a]['mirror']) or validators.ipv4(
+                                    config_dict['src'][a]['mirror']) or validatords.ipv6(
+                                    config_dict['src'][a]['mirror'])):
             try:
-            getaddrinfo(config_dict['build']['mirror'], None)
+                getaddrinfo(config_dict['src'][a]['mirror'], None)
             except:
                 exit(('{0}: ERROR: {1} does not resolve and cannot be used as a ' + 
                     'mirror for the bootstrap tarballs. Check your configuration.').format(
                                             datetime.datetime.now(),
-                                        config_dict['build']['host']))
+                                            config_dict['src'][a]['host']))
+        config_dict['src'][a]['gpg'] = config['source_' + a].getboolean('gpg')
     # Are we rsyncing? If so, validate the rsync host.
     # Works for IP address too. It does NOT check to see if we can
     # actually *rsync* to it; that'll come later.

bdisk/prep.py

@@ -25,27 +25,34 @@ def dirChk(conf):
 def downloadTarball(conf):
     build = conf['build']
     dlpath = build['dlpath']
+    src = conf['src']
     arch = build['arch']
-    #mirror = 'http://mirrors.kernel.org/archlinux'
-    mirror = build['mirrorproto'] + '://' + build['mirror']
-    rlsdir = mirror + build['mirrorpath']
-    sha_in = urlopen(mirror + build['mirrorchksum'])
+    tarball_path = {}
+    for a in arch:
+        locsrc = conf['source_' + a]
+        mirror = locsrc['mirrorproto'] + '://' + locsrc['mirror']
+        rlsdir = mirror + locsrc['mirrorpath']
+        if locsrc['mirrorchksum'] != '':
+            if locsrc['chksumtype'] == '':
+                exit("{0}: source_{1}:chksumtype is unset!".format(datetime.datetime.now(), a))
+            hash_type = locsrc['chksumtype']
+            hash_in = urlopen(mirror + locsrc['mirrorchksum'])
+            hashsums = hash_in.read()
+            hash_in.close()
+            hash_raw = hashsums.decode("utf-8")
+            hash_list = list(filter(None, hash_raw.split('\n')))
+            hash_dict = {x.split()[1]: x.split()[0] for x in hash_list}
         # returns path/filename e.g. /some/path/to/file.tar.gz
         # we use .gnupg since we'll need it later.
         os.makedirs(dlpath + '/.gnupg', exist_ok = True)
-    tarball_path = {}
-    for x in arch:
-        tarball_path[x] = dlpath + '/.latest.' + x + '.tar'
-    sha1sums = sha_in.read()
-    sha_in.close()
-    sha_raw = sha1sums.decode("utf-8")
-    sha_list = list(filter(None, sha_raw.split('\n')))
-    sha_dict = {x.split()[1]: x.split()[0] for x in sha_list}
-    # all that lousy work just to get a sha1 sum. okay. so.
-    for a in arch:
+        tarball_path[a] = dlpath + '/.latest.' + a + '.tar'
         pattern = re.compile('^.*' + a + '\.tar(\.(gz|bz2|xz))?$')
-        tarball = [filename.group(0) for l in list(sha_dict.keys()) for filename in [pattern.search(l)] if filename][0]
-        sha1 = sha_dict[tarball]
+        if locsrc['mirrorfile'] != '':
+            tarball = locsrc['mirrorfile']
+        else:
+            tarball = [filename.group(0) for l in list(hash_dict.keys()) for filename in [pattern.search(l)] if filename][0]
+        if locsrc['mirrorchksum'] != '':
+            hashsum = hash_dict[tarball]
         if os.path.isfile(tarball_path[a]):
             pass
         else:
@@ -53,7 +60,6 @@ def downloadTarball(conf):
             print("{0}: [PREP] Fetching tarball ({1} architecture)...".format(
                                                             datetime.datetime.now(),
                                                             a))
-            #dl_file = urllib.URLopener()
             tarball_dl = urlopen(rlsdir + tarball)
             with open(tarball_path[a], 'wb') as f:
                 f.write(tarball_dl.read())
@@ -63,20 +69,32 @@ def downloadTarball(conf):
                                                     tarball_path[a],
                                                     humanize.naturalsize(
                                                         os.path.getsize(tarball_path[a]))))
+        if locsrc['mirrorchksum'] != '':
             print("{0}: [PREP] Checking hash checksum {1} against {2}...".format(
                                                         datetime.datetime.now(),
-                                                    sha1,
+                                                        hashsum,
                                                         tarball_path[a]))
-        tarball_hash = hashlib.sha1(open(tarball_path[a], 'rb').read()).hexdigest()
-        if tarball_hash != sha1:
+            # Calculate the checksum according to type specified.
+            tarball_hash = False
+            for i in hashlib.algorithms_available:
+                if hash_type == i:
+                    hashfunc = getattr(hashlib, i)
+                    tarball_hash = hashfunc(open(tarball_path[a], 'rb').read()).hexdigest()
+                    break
+            if not tarball_hash:
+                exit("{0}: source_{1}:chksumtype '{2}' is not supported on this machine!".format(
+                                                            datetime.datetime.now(),
+                                                            a,
+                                                            hash_type))
+            if tarball_hash != hashsum:
                 exit(("{0}: {1} either did not download correctly\n\t\t\t    or a wrong (probably old) version exists on the filesystem.\n\t\t\t    " +
                                     "Please delete it and try again.").format(datetime.datetime.now(), tarball))
-        elif build['mirrorgpgsig'] != '':
-            # okay, so the sha1 matches. let's verify the signature.
-            if build['mirrorgpgsig'] == '.sig':
+        if locsrc['mirrorgpgsig'] != '':
+            # let's verify the signature.
+            if locsrc['mirrorgpgsig'] == '.sig':
                 gpgsig_remote = rlsdir + tarball + '.sig'
             else:
-                gpgsig_remote = build['mirrorgpgsig']
+                gpgsig_remote = locsrc['mirrorgpgsig']
             sig_dl = urlopen(gpgsig_remote)
             sig = tarball_path[a] + '.sig'
             with open(sig, 'wb+') as f:

docs/TODO

@@ -1,5 +1,6 @@
 ## Missing v2.x functionality ##
 -i_am_a_racecar optimizations
+- different distro guests (debian, etc.)- https://stackoverflow.com/questions/2349991/python-how-to-import-other-python-files/20749411#20749411
 -incorporate this into the manual?
 -TFTP configs generated for pxelinux
 -fix the branding, etc. on ipxe. :(
@@ -9,15 +10,15 @@
 -- https://code.google.com/p/byte-unixbench/
 -- https://github.com/akopytov/sysbench
 -- (http://blog.due.io/2014/linode-digitalocean-and-vultr-comparison/ etc.)
--implement pyalpm to decreate dependency on chroot pacman-ing?
+-There *has* to be a better way of handling package installation in the chroots.
+--implement pyalpm to decreate dependency on chroot pacman-ing?
 --or even maybe https://wiki.archlinux.org/index.php/offline_installation_of_packages in pure python!
 -set up automatic exporting to PDF of the user manual server-side. https://pypi.python.org/pypi/unoconv/0.6
--There *has* to be a better way of handling package installation in the chroots.
 -maybe remove lxde, firefox, chrome and replace with enlightenment/midori?
 -custom repo? https://brainwreckedtech.wordpress.com/2013/01/27/making-your-own-arch-linux-repository/
---https://wiki.archlinux.org/index.php/Building_32-bit_packages_on_a_64-bit_system
+--https://wiki.archlinux.org/index.php/Building_32-bit_packages_on_a_64-bit_system # NOTE: arch has dropped i686, now continued as archlinux32
 -implement better "additional" packages list. specify for path in build.ini- these should be more easily changed by end users. DON'T TOUCH iso.pkgs.lst since those are necessary for booting.
--shorewall/some other firewall?
+-automatic shorewall/some other firewall?
 -autodetection/configuration of network. DHCP is currently running by default, but does it need to support IPv6? if so, how would the user configure their network?
 -DISABLE NETWORKMANAGER AND "fi.w1.wpa_supplicant1"??? keeps spawning wpa_supplicant (and thusly killing networking proper)
 -for netboot, custom user agent (should be defined by build.ini)
@@ -27,7 +28,7 @@
 -WISH: signing for secureboot releases (PreLoader and loader.efi handle this okay, but require manual intervention)
 -does loader.efi support splash backgrounds? can i implement that differently somehow?
 --yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/
--strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.)
+-strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.) before building ISO
 -incorporate iPXE tweaks:
 --http://ipxe.org/crypto 
 --http://ipxe.org/cmd/imgtrust
@@ -39,6 +40,7 @@
 ---#imgverify initrd path/to/initrd.sig
 ---DONE, partially. need to incorporate codesign certs/keys. routines, conf variables
 -enable mirror= kernel commandline.
+-NOTE: Following should be implemented via AIF-NG (https://git.square-r00t.net/AIF-NG, work pending for fix to BDisk for i686/x86_64 split) 
 --if mirror_(NAME) is present, use that as repo name.
 --if it starts with /, treat as mirrorlist (Include); otherwise use Server = 
 --if it has mirror_SIG-X, set signature options e.g. _SIG-N would be "SigLevel = Never"
@@ -47,5 +49,3 @@
 -include WinMTR, build Mac OS X MTR for dist/tools on CD
 -include pre-compiled LibreCrypt for opening LUKS parts on Windows (https://github.com/t-d-k/LibreCrypt)
 --curl -s https://raw.githubusercontent.com/t-d-k/LibreCrypt/master/README.md | egrep 'InstallLibreCrypt_v[A-Za-z0-9\.]*.exe' | cut -f2 -d'"'
-
-

docs/manual/HEAD.adoc

@@ -1,6 +1,6 @@
 = BDisk User and Developer Manual
 Brent Saner <bts@square-r00t.net>
-v1.0, 2016-12
+v1.1, 2017-03-06
 :doctype: book
 :data-uri:
 :imagesdir: images

docs/manual/user/BUILDINI.adoc

@@ -16,6 +16,7 @@ If you want to use your own `build.ini` file (and you should!), the following pa
 * `/opt/dev/bdisk/build.ini`
 * `/opt/dev/bdisk/extra/build.ini`
 * `/opt/dev/bdisk/extra/dist.build.ini`
+* `<bdisk.py directory>/../build.ini`
 
 We'll go into more detail for each section below.
 
@@ -35,16 +36,27 @@ We'll go into more detail for each section below.
  username = ${bdisk:uxname}
  name = Default user
  password = $$6$$t92Uvm1ETLocDb1D$$BvI0Sa6CSXxzIKBinIaJHb1gLJWheoXp7WzdideAJN46aChFu3hKg07QaIJNk4dfIJ2ry3tEfo3FRvstKWasg/
- [build]
+ [source_x86_64]
+ mirror = mirror.us.leaseweb.net
+ mirrorproto = https
+ mirrorpath = /archlinux/iso/latest/
+ mirrorfile = .sig
+ mirrorchksum = ${mirrorpath}sha1sums.txt
+ chksumtype = sha1
+ mirrorgpgsig =
+ gpgkey = 7F2D434B9741E8AC
+ gpgkeyserver =
+ [source_i686]
  mirror = mirror.us.leaseweb.net
  mirrorproto = https
  mirrorpath = /archlinux/iso/latest/
  mirrorfile = 
  mirrorchksum = ${mirrorpath}sha1sums.txt
+ chksumtype = sha1
  mirrorgpgsig =
- gpgkey = 7F2D434B9741E8AC
+ gpgkey =
  gpgkeyserver =
- gpg = no
+ [build]
  dlpath = /var/tmp/${bdisk:uxname}
  chrootdir = /var/tmp/chroots
  basedir = /opt/dev/bdisk
@@ -53,7 +65,8 @@ We'll go into more detail for each section below.
  prepdir = ${dlpath}/temp
  archboot = ${prepdir}/${bdisk:name}
  mountpt = /mnt/${bdisk:uxname}
- multiarch = yes
+ multiarch = x86_64
+ sign = yes
  ipxe = no
  i_am_a_racecar = no
  [gpg]
@@ -114,7 +127,7 @@ This string is used for "pretty-printing" of the project name; it should be a mo
 . ASCII only
 
 ==== `ver`
-The version string. If this isn't specified, we'll try to guess based on the current git commit and tags in `<<code_basedir_code,build:basedir>>`.
+The version string. If this isn't specified, we'll try to guess based on the current git commit and tags in `<<code_basedir_code,build:basedir>>`. If `<<code_basedir_code,build:basedir>>` is *not* a git repository (i.e. you installed BDisk from a package manager), you MUST specify a version number.
 
 . No whitespace
 
@@ -184,15 +197,23 @@ The escaped, salted, hashed string to use for the non-root user.
 
 Please see <<passwords,the section on passwords>> for information on this value. In the <<example,example above>>, the string `$$6$$t92Uvm1ETLocDb1D$$BvI0Sa6CSXxzIKBinIaJHb1gLJWheoXp7WzdideAJN46aChFu3hKg07QaIJNk4dfIJ2ry3tEfo3FRvstKWasg/` is created from the password `test`. I cannot stress this enough, do not use a plaintext password here nor just use a regular `/etc/shadow` file/`crypt(3)` hash here. Read the section. I promise it's short.
 
-=== `[build]`
-This section controls some aspects about the host and things like filesystem paths, etc.
+=== `[source_<arch>]`
+This section controls where to fetch the "base" tarballs.
+
+NOTE: Previously, these settings were *not* architecture-specific, and included in the <<code_build_code,`build`>> section.
+
+It was necessary to create this section per architecture, because https://www.archlinux.org/news/phasing-out-i686-support/[Arch Linux has dropped i686 support^]. However, plenty of other distros also have removed support and other third-party projects have ported. (You can find the Arch Linux 32-bit/i686 port project http://archlinux32.org/[here^].)
+
+The directives here are only covered once, however, since both sections are identical- they just allow you to specify different mirrors. Note that the two settings are `[source_i686]` (for 32-bit) and `[source_x86_64]` (for 64-bit/multilib).
+
+Which section is used (or both) depends on what <<code_multiarch_code, architectures you have enabled>> for the build.
 
 ==== `mirror`
 A mirror that hosts the bootstrap tarball. It is *highly* recommended you use an Arch Linux https://wiki.archlinux.org/index.php/Install_from_existing_Linux#Method_A:_Using_the_bootstrap_image_.28recommended.29[bootstrap tarball^] as the build process is highly specialized to this (but <<bug_reports_feature_requests,patches/feature requests>> are welcome for other built distros). You can find a list of mirrors at the bottom of Arch's https://www.archlinux.org/download/[download page^].
 
 . No whitespace
 . Must be accessible remotely/via a WAN-recognized address
-. Must be a domain/FQDN only; no paths (those come later!)
+. Must be a domain/FQDN (or IP address) only; no paths (those come later!)
 
 ==== `mirrorproto`
 What protocol should we use for the <<code_mirror_code,`mirror`>>?
@@ -208,14 +229,42 @@ What is the path to the tarball directory on the <<code_mirror_code,`mirror`>>?
 . No whitespace
 
 ==== `mirrorfile`
-What is the filename for the tarball found in the path specified in <<code_mirrorpath_code,`mirrorpath`>> ? If left blank, we will use the sha1 <<code_mirrorchksum_code,checksum>> file to try to guess the most recent file.
+What is the filename for the tarball found in the path specified in <<code_mirrorpath_code,`mirrorpath`>> ? If left blank, we will use the hash <<code_mirrorchksum_code,checksum>> file to try to guess the most recent file.
 
 ==== `mirrorchksum`
-The path to a sha1 checksum file of the bootstrap tarball.
+*[optional]* +
+*default: (no hash checking done)* +
+*requires: <<code_chksumtype_code,`chksumtype`>>*
+
+The path to a checksum file of the bootstrap tarball.
 
 . No whitespace
 . Must be the full path
-. Don't include the mirror domain or protocol
+. Don't include the <<code_mirror_code,mirror domain>> or <<code_mirrorproto_code,protocol>>
+
+==== `chksumtype`
+The algorithm that <<code_mirrorchksum_code,`mirrorchksum`>>'s hashes are in.
+
+[options="header"]
+|======================
+7+^|Accepts one of:
+^m|blake2b
+^m|blake2s
+^m|md5
+^m|sha1
+^m|sha224
+^m|sha256
+^m|sha384
+^m|sha512
+^m|sha3_224
+^m|sha3_256
+^m|sha3_384
+^m|sha3_512
+^m|shake_128
+^m|shake_256
+|======================
+
+TIP: You may have support for additional hashing algorithms, but these are the ones gauranteed to be supported by Python's https://docs.python.org/3/library/hashlib.html[hashlib module^]. To get a full list of algorithms the computer you're building on supports, you can run `python3 -c 'import hashlib;print(hashlib.algorithms_available)'`. Most likely, however, <<code_mirrorchksum_code,`mirrorchksum`>> is going to be hashes of one of the above.
 
 ==== `mirrorgpgsig`
 *[optional]* +
@@ -225,7 +274,7 @@ The path to a sha1 checksum file of the bootstrap tarball.
 
 If the bootstrap tarball file has a GPG signature, we can use it for extra checking. If it's blank, GPG checking will be disabled.
 
-If you specify just `.sig` (or use the default and don't specify a <<code_mirrorfile_code,`mirrorfile`>>), BDisk will try to guess based on the file from the sha1 <<code_mirrorchksum_code,checksum>> file. Note that this must evaluate to a full URL. (e.g. `${mirrorproto}://${mirror}${mirrorpath}somefile.sig`)
+If you specify just `.sig` (or use the default and don't specify a <<code_mirrorfile_code,`mirrorfile`>>), BDisk will try to guess based on the file from the hash <<code_mirrorchksum_code,checksum>> file. Note that unless you're using the `.sig` "autodetection", this must evaluate to a full URL. (e.g. `${mirrorproto}://${mirror}${mirrorpath}somefile.sig`)
 
 ==== `gpgkey`
 *requires: <<optional,_gpg/gnupg_>>*
@@ -245,6 +294,18 @@ What is a valid keyserver we should use to fetch <<code_gpgkey_code,`gpgkey`>>?
 . The default (blank) is probably fine. If you don't specify a personal GPG config, then you'll most likely want to leave this blank.
 . If set, make sure it is a valid keyserver URI (e.g. `hkp://keys.gnupg.net`)
 
+[options="header"]
+|======================
+2+^|Accepts (case-insensitive) one of:
+^m|yes ^m|no
+^m|true ^m|false
+^m|1 ^m|0
+|======================
+
+=== `[build]`
+This section controls some aspects about the host and things like filesystem paths, etc.
+
+
 ==== `gpg`
 Should we sign our release files? See the <<code_gpg_code_2,`[gpg]`>> section.
 
@@ -454,7 +515,7 @@ What group the HTTP files should be owned as. This is most likely going to be ei
 . Group must exist on build system
 
 |======================
-^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID]
+^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID]
 |======================
 
 === `[tftp]`
@@ -486,7 +547,7 @@ What group the TFTP files should be owned as. This is most likely going to be ei
 . Group must exist on build system
 
 |======================
-^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID]
+^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID]
 |======================
 
 === `[ipxe]`

docs/manual/user/GETTING_STARTED.adoc

@@ -7,13 +7,13 @@ image::fig1.1.png[cgit,align="center"]
 
 If you know the tag of the commit you want, you can use curl:
 
- curl -sL -o bdisk.tar.xz https://git.square-r00t.net/BDisk/snapshot/BDisk-3.11.tar.xz
+ curl -sL -o bdisk.tar.xz https://git.square-r00t.net/BDisk/snapshot/BDisk-3.00-BETA.tar.xz
 
 or wget:
 
- wget -O bdisk.tar.xz https://git.square-r00t.net/BDisk/snapshot/BDisk-3.11.tar.xz
+ wget -O bdisk.tar.xz https://git.square-r00t.net/BDisk/snapshot/BDisk-3.00-BETA.tar.xz
 
-You can use `https://git.square-r00t.net/BDisk/snapshot/BDisk-master.tar.xz` for the URL if you want the latest working version. If you want a snapshot of a specific commit, you can use e.g. `https://git.square-r00t.net/BDisk/snapshot/BDisk-5ac510762ce00eef213957825de0e6d07186e7f8.tar.xz` and so on.
+You can use `https://git.square-r00t.net/BDisk/snapshot/BDisk-master.tar.xz` for the URL if you want the latest working version. If you want a snapshot of a specific commit, you can use e.g. `https://git.square-r00t.net/BDisk/snapshot/BDisk-a1fe1dbc0a0ce2b2a5d1b470d30b60636f9b2efa.tar.xz` and so on.
 
 Alternatively, you can use https://git-scm.com/[git^]. Git most definitely _should_ be in your distro's repositories.
 
@@ -50,9 +50,13 @@ These are needed for using BDisk.
 
 These are required Python modules:
 
+* https://pypi.python.org/pypi/GitPython[GitPython^]
 * https://pypi.python.org/pypi/humanize[Humanize^]
 * http://jinja.pocoo.org/[Jinja2^]
 * https://pypi.python.org/pypi/psutil[PSUtil^]
+* https://pypi.python.org/pypi/patch[Patch^]
+* https://pypi.python.org/pypi/pygpgme[PyGPGME^]
+* https://pypi.python.org/pypi/pyOpenSSL[PyOpenSSL^]
 * https://pypi.python.org/pypi/validators[Validators^]
 
 ==== Optional
@@ -71,14 +75,4 @@ NOTE: If you do not wish to install any of these or cannot install them, be sure
 * https://rsync.samba.org/[rsync^]
 ** For syncing built ISOs to a fileserver, syncing to a remote iPXE server, syncing to a traditional PXE/TFTP server, etc.
 
-These are optional Python modules:
-
-* https://pypi.python.org/pypi/GitPython[GitPython^]
-** (Same reasons as _git_)
-* https://pypi.python.org/pypi/pygpgme[PyGPGME^]
-** (Same reasons as _gpg/gnupg_)
-* https://pypi.python.org/pypi/patch[Patch^]
-** For branding iPXE environments per your `build.ini`.
-* https://pypi.python.org/pypi/pyOpenSSL[PyOpenSSL^]
-** To set up a PKI when building iPXE; used to create trusted/verified images.
 

extra/dist.build.ini

@@ -28,15 +28,29 @@ username = ${bdisk:uxname}
 name = Default user
 password =
 
-[build]
+[source_x86_64]
 mirror = mirror.us.leaseweb.net
 mirrorproto = https
 mirrorpath = /archlinux/iso/latest/
 mirrorfile = 
 mirrorchksum = ${mirrorpath}sha1sums.txt
+chksumtype = sha1
 mirrorgpgsig =
 gpgkey = 7F2D434B9741E8AC
 gpgkeyserver =
+
+[source_i686]
+mirror = mirror.us.leaseweb.net
+mirrorproto = https
+mirrorpath = /archlinux/iso/latest/
+mirrorfile = 
+mirrorchksum = ${mirrorpath}sha1sums.txt
+chksumtype = sha1
+mirrorgpgsig =
+gpgkey = 7F2D434B9741E8AC
+gpgkeyserver =
+
+[build]
 gpg = no
 dlpath = /var/tmp/${bdisk:uxname}
 chrootdir = /var/tmp/chroots
@@ -46,13 +60,15 @@ srcdir = ${dlpath}/src
 prepdir = ${dlpath}/temp
 archboot = ${prepdir}/${bdisk:name}
 mountpt = /mnt/${bdisk:uxname}
-multiarch = yes
-ipxe =
+#multiarch = yes
+multiarch = x86_64
+sign = yes
+ipxe = no
 i_am_a_racecar = yes
 
 [gpg]
 mygpgkey =
-mygpghome =
+mygpghome = ${build:dlpath}/.gnupg
 
 [sync]
 http = no

extra/modules/distro/TEMPLATE

@@ -0,0 +1,48 @@
+# The modules found in here are for distro-specific differences in the builds.
+# For instance, if you want to build a Debian-based BDisk, you'd specify pkg['install'] = ['apt-get', '-y', 'install', '%PKG%'],
+# name this file as "debian.py", and set bdisk:distro as 'debian'.
+# Note that the guest will need python installed. If distro is set as "NOCHECK", a distro check of the tarball won't be performed
+# (as the distro check requires python be installed first).
+
+# Special variables to be used in strings:
+# %PKG%	= the name of a package would be inserted here.
+
+# This template uses Debian as an example.
+
+# The name of the distro. Must match the output from platform.linux_distribution()[0].lower()
+# Regex is supported.
+distro = 'debian'
+
+# The path to python. Can be either python 2.x (2.6 or higher) or 3.x.
+pybin = '/usr/bin/python'
+
+guestenv = {}
+# The following environment variables will be set for the guest.
+guestenv['DEBIAN_FRONTEND'] = 'noninteractive'
+
+scripts = {}
+# This variable can be used to perform some additional system tweaks and such. This is run before package installation.
+# It must be formatted as a complete script- i.e. include a shebang etc.
+script['pre'] = """#!/bin/bash
+touch /root/BDISK
+"""
+
+# This variable can be used to perform some additional system tweaks and such. This is run after package installation.
+script['post'] = """#!/bin/bash
+rm -f /root/BDISK
+"""
+
+
+pkg = {}
+# The command, with arguments, in list format that should be run before we install software in the guest.
+# For instance, if your guest distro requires a local package listing cache (nearly all of them do) to be
+# updated first, this is where it would be run.
+pkg['pre'] = ['apt-get', '-y', 'update']
+
+# The command, with arguments, in a list format to install a package.
+# Note that the command must be constructed in a way that does not require user interaction.
+pkg['install'] = ['apt-get', '-y', 'install', '%PKG%']
+
+# The command, with arguments, in list format to use to check if a package is installed.
+# It should return 0 on exist status if it's installed. Any other exit status assumes the package is not installed.
+pkg['check'] = ['dpkg-query', '-f', '${binary:Package}\n', '-W', '%PKG']

extra/modules/distro/arch.py

@@ -0,0 +1,11 @@
+distro = 'arch'
+pybin = '/usr/bin/python'
+script['pre'] = """#!/bin/bash
+touch /root/BDISK
+"""
+script['post'] = """#!/bin/bash
+rm -f /root/BDISK
+"""
+pkg['pre'] = ['pacman', '-Syyy']
+pkg['install'] = ['apacman', '-S', '%PKG%']
+pkg['check'] = ['pacman', '-Q', '%PKG']

extra/modules/distro/centos.py

@@ -0,0 +1,11 @@
+distro = 'centos linux'
+pybin = '/usr/bin/python'
+script['pre'] = """#!/bin/bash
+touch /root/BDISK
+"""
+script['post'] = """#!/bin/bash
+rm -f /root/BDISK
+"""
+pkg['pre'] = ['yum', 'makecache']
+pkg['install'] = ['yum', '-y', 'install', '%PKG%']
+pkg['check'] = ['rpm', '-qi', '%PKG']

extra/modules/distro/debian.py

@@ -0,0 +1,12 @@
+distro = 'debian'
+pybin = '/usr/bin/python'
+guestenv['DEBIAN_FRONTEND'] = 'noninteractive'
+script['pre'] = """#!/bin/bash
+touch /root/BDISK
+"""
+script['post'] = """#!/bin/bash
+rm -f /root/BDISK
+"""
+pkg['pre'] = ['apt-get', '-q', '-y', 'update']
+pkg['install'] = ['apt-get', '-q', '-y', '-o Dpkg::Options::="--force-confdef"', '-o Dpkg::Options::="--force-confold"', 'install', '%PKG%']
+pkg['check'] = ['dpkg-query', '-f', "'${binary:Package}\n'", '-W', '%PKG']

extra/modules/distro/fedora.py

@@ -0,0 +1,11 @@
+distro = 'fedora'
+pybin = '/usr/bin/python3'
+script['pre'] = """#!/bin/bash
+touch /root/BDISK
+"""
+script['post'] = """#!/bin/bash
+rm -f /root/BDISK
+"""
+pkg['pre'] = ['yum', 'makecache']
+pkg['install'] = ['yum', '-y', 'install', '%PKG%']
+pkg['check'] = ['rpm', '-qi', '%PKG']

extra/modules/distro/rhel.py

@@ -0,0 +1,11 @@
+distro = 'red hat enterprise linux (server|desktop)'
+pybin = '/usr/bin/python'
+script['pre'] = """#!/bin/bash
+touch /root/BDISK
+"""
+script['post'] = """#!/bin/bash
+rm -f /root/BDISK
+"""
+pkg['pre'] = ['yum', 'makecache']
+pkg['install'] = ['yum', '-y', 'install', '%PKG%']
+pkg['check'] = ['rpm', '-qi', '%PKG']

extra/modules/distro/sles.py

@@ -0,0 +1,11 @@
+distro = 'suse linux enterprise server'
+pybin = '/usr/bin/python'
+script['pre'] = """#!/bin/bash
+touch /root/BDISK
+"""
+script['post'] = """#!/bin/bash
+rm -f /root/BDISK
+"""
+pkg['pre'] = ['zypper', 'refresh']
+pkg['install'] = ['zypper', 'install', '--no-confirm', '-l', '%PKG%']
+pkg['check'] = ['rpm', '-qi', '%PKG']

extra/modules/distro/ubuntu.py

@@ -0,0 +1,12 @@
+distro = 'ubuntu'
+pybin = '/usr/bin/python'
+guestenv['DEBIAN_FRONTEND'] = 'noninteractive'
+script['pre'] = """#!/bin/bash
+touch /root/BDISK
+"""
+script['post'] = """#!/bin/bash
+rm -f /root/BDISK
+"""
+pkg['pre'] = ['apt-get', '-q', '-y', 'update']
+pkg['install'] = ['apt-get', '-q', '-y', '-o Dpkg::Options::="--force-confdef"', '-o Dpkg::Options::="--force-confold"', 'install', '%PKG%']
+pkg['check'] = ['dpkg-query', '-f', "'${binary:Package}\n'", '-W', '%PKG']

extra/pkg.build.ini

@@ -28,31 +28,46 @@ username = ${bdisk:uxname}
 name = Default user
 password =
 
-[build]
+[source_x86_64]
 mirror = mirror.us.leaseweb.net
 mirrorproto = https
 mirrorpath = /archlinux/iso/latest/
 mirrorfile = 
 mirrorchksum = ${mirrorpath}sha1sums.txt
+chksumtype = sha1
 mirrorgpgsig =
 gpgkey = 7F2D434B9741E8AC
 gpgkeyserver =
+
+[source_i686]
+mirror = mirror.us.leaseweb.net
+mirrorproto = https
+mirrorpath = /archlinux/iso/latest/
+mirrorfile = 
+mirrorchksum = ${mirrorpath}sha1sums.txt
+chksumtype = sha1
+mirrorgpgsig =
+gpgkey = 7F2D434B9741E8AC
+gpgkeyserver =
+
+[build]
 gpg = no
 dlpath = /var/tmp/${bdisk:uxname}
 chrootdir = /var/tmp/chroots
-basedir = /opt/dev/bdisk
+basedir = /var/lib/bdisk
 isodir = ${dlpath}/iso
 srcdir = ${dlpath}/src
 prepdir = ${dlpath}/temp
 archboot = ${prepdir}/${bdisk:name}
 mountpt = /mnt/${bdisk:uxname}
-multiarch = yes
+#multiarch = yes
+multiarch = x86_64
 ipxe = no
 i_am_a_racecar = no
 
 [gpg]
 mygpgkey =
-mygpghome =
+mygpghome = ${build:dlpath}/.gnupg
 
 [sync]
 http = no

extra/pre-build.d/etc/initcpio/install/livecd

@@ -14,6 +14,7 @@ build()
         add_binary "/usr/bin/sed"
         add_binary "/usr/bin/pkill"
         add_binary "/usr/bin/curl"
+        add_binary "/usr/bin/pv"
 	add_full_dir /etc/ssl
     	add_full_dir /etc/ca-certificates
 

extra/pre-build.d/etc/pacman.d/hooks/archiso.hook

@@ -0,0 +1,10 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Target = usr/lib/initcpio/hooks/archiso
+
+[Action]
+Description = Modifying archiso usable space...
+When = PostTransaction
+Exec = /usr/bin/sed -i -e 's/"size=${cow_spacesize}",//g' -e 's@^[[:space:]]*if\ !\ cp\ "${img}"\ "/run/archiso/copytoram/${img_fullname}"\ ;\ then@if ! pv -pterabT "${img}" > "/run/archiso/copytoram/${img_fullname}" ; then@g' /usr/lib/initcpio/hooks/archiso

extra/pre-build.d/etc/systemd/system/multi-user.target.wants/NetworkManager-dispatcher.service

@@ -0,0 +1 @@
+/dev/null

extra/pre-build.d/etc/systemd/system/multi-user.target.wants/NetworkManager.service

@@ -0,0 +1 @@
+/dev/null

extra/pre-build.d/i686/root/pre-build.arch.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+# Put any arch-specific tasks here. They will be run after /root/pre-build.sh.

extra/pre-build.d/root/.ssh/authorized_keys

@@ -1,10 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5+2R7ykAgF/IBOY0gvxWZpLzk+CpmjiCBFtQX2WN54qPYOluPgFudUEZ/zax0wccZG9qXm8fM7Jc11GqFVkxWU7sNEAIirmsE54nnXeIg7BEyamJ6l0FHkqgVV+GCWffe1cJtniIu99kz3KwgcPto4zgqcxE/RH8eSAPAX7SECAZxs3CMfPbOY7DcyUgKXaPynDvebp1Dp9q6lSrW1FBfPJOYzFdO4xGQV9VUQoCBjTqGfRCq5fvJ/tFpZAB5omwjfCis+rvgrWZsur7G5QSdh5Bphkblm9rBHdb8ot1CYSnHjKYfDr6IEDaQjiN1yw7YyjtXAjGF6a6El1AWHTnQPI5lYqXa5sL5XxjIP22NP2AihLeCey/e6sms4RrapKD5f6rnOF4zrMVkU8L40brpe3TsmqnYcmqRvj8h9U/2mMmPHzaUJvgf44JjQEXa57brU5BzQZJKZM7tBbIqGKwgI0VjYyHzfCWRd/TGvccPsCQajqIBrMet8EQc7TY4FLuZZyW+B3Jx7Tr2xSg03PJ+ODNjd1LL3e/vq6NdBXA2gNGY+9GrytfCQd3Oot4KV6JLgk+lHKlvk+24rxwPj/T9koimntQff5V+qS+NUqh/OpQSphecn6gz03rtmOCeOhLPADwdRmqSdbtSYZSr1HA+/yPsgcWBxrM2ag0g6SLC+w== root@maqabi
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5deDSXoounrijOls1qxtKFqT4xhaOdTZ5qWVYvF/2+O/Jq4B88pYbwFxd1YN1Dr67t/WUCToAUDiHBxxq3qSEbwQ1fNXnYPq7/2FvB715K5RIuQicAcHRmBHu70MZ9axPNMA+66I49Ps1t9rtssHBNvytrKHJ7/ACEsl024YQCxRtvM7MJH8iuZEO+pq2FTPHB1q2v4Bv22JY2rYe2/N2I4GMDIOz9sAreKAHSQWo7BX46AUhHqH6yNpLsLXGqq6xT6+/hJ5saUdjtd+zdYS5jsob2eHbwxoKBpsh9S7hwilyBPQ/2MpyYRh23RNu3km3fAKuN3lkbLL6SU+oa2OntfcdMC91p5GL6iYCABAteGKocz+4AxUfCdipPID/A55Q4J8YaN9xWQTHJhQ/mDuXBPZUJD4KwgDyIXBfRAmarWsVO//XzdrzQf/t4eVhkaOYUtRuWC+hFbXBI0tVII13myG1ZqvDD/ApLgQ7/Gx+3xy2ybG3aRJSzzX7C1qrNldarXXSYG6+29R+LOJUGmMj/36NhR1cryWUPxQuPr4//qRMtBOFPCxI2LlDlvXl69ZPbVr67or8iZBJyv9Y53l5rNZ1Vw7DPNwQI+PopP7GPDYjH7gfqtpUVQ6+lbaRX4pmkGwl3CfZvb0e1r71gGaCMwgaNu1LC1jVSZoZyb86zQ== bts@g.rainwreck.com
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5zY/ri5Fiyp4qArfZnBfCegU62QhNb6hUR+jtv7oRKZs7fC79BtUMqN/7NFkvDUmN5mM3sj8dVxAgCg+IabRb460yuklDTII8ojgSIpYCjoLNcOteWT9sclm1HjuH07YOAnZE/aXv0/rzhoQEKDw/9dWXFwJKaal2xw6jMQlyqO1wj21c45YnW83DrpjxUSRDo0T53NVlpLK77xar/guEopk4Q29Cr7A1pSEtHSFbSjqxTkpEBn8jyRHvH9F+S8qMyj0LoyRanAjvsny1snjuJXArDkLAAgGMWav5v8OMMrtTvSgf/2B/D74TeQiLiG1q/cN6FX+lSlOhmbvgT50MCOunuJqVeS9OvQgxw+R7OJcHVtH30wlZiQ/Zu7w4wN9ZSDYApqbtSgsqfUkbh5v3fgdWccsP/mKAYO6/NzII5pP+Xgosmi+ebZR3NutuX7nvclPDaDSHdO6ERYcRHEwxG+DinumssnirwdrNtbTOErEHrqKebf3ehBdcN2LIoyK34p8F4VaBOwE1OxdeEP012//bG4hULpFGryVfDYyItzdXksBgp3ujPjt5lqhvC9mm5UsPlT0792xUycgz8xWPxburJ1svlYoHnUENEApvmXGwiSFtedr3wdk3/Jg2C0LDMGZmIUzd8SEX9vf/+qcw6kMWYxatGbSi920uEO+9ZQ== root@dawid
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCRW5+ErOj0miGagL44vvhdYhYZVVNn7I3r58a67fE2X/R73b5ibPY9ngYZpG37ObzuGDT7Ld3Zx8H8LWpKsWyOGpAhilqM0wiQ4PXiFnZShHhRIZwam7j+9h8NBySbJHsFPBoNDqcmKXu2JCk1sD351N5J/xsVJL5qlpjnfNlcitf1yi6nf95bMiiFcVRF7cWeXqxhFO1Jl4RkHSlsljaDFg/dOlor5cNrv/cMcZ5IKJSAj58lRWHF2Bw0ip/75/1YgdzLxcYrLIeZwDKrg0U+9Mk4oBMCvQ9XUonpEGDWKz+2NyDuGa3nRcuYyv4PnKAlMdsreoGU8b9U9kvLKa3DreI4JdhcoEt5sEpY0wwblVfefRRQbebHE7JuQfFHHNLBLqGi08AwV+/8JwwvIrvoPoHfqnarocxqWSnHbaPr6CIeH764pWzZYvPSjSlf1eneVwCEmiH23zgiifL5pLzrZ56f4u+i9oQw4tSKnvpkOf+fGqnMAPdTGN0qFEOItXECXDCxB2z5mMmkL7rdVETUNpi40of1AABmLCeleeK5M6qht6tx6lTokD8Sgj3rMvRjG81XRJUP98CU2Ea8JJCXJLbXCBIb8AO/pYt4/3Xzw9kGeSKgYasj7PIUPuIIZvhFHM9sKgEfjCO//7FMGswR4Y/U+OF4DqMHMLeMrg85Pw== root@workhorse
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaJpWY+mWEaZ8VHcm7YWZ+HaIRKW1jOuWc0posfrSTfWaewzmXYWiOFl7axXncEvpqcgO0G7dv3XAgvzaLj3t7TWPv+6sXcZi1VbPTC9R49k/iWm6F1iYVHxEkd4CIFQIpR//O1HZqTOrTLTSV7KuzRvJL74l6Egq8mfCw0LiKhXGLEONMOsjiQqeyivXTqb2CS7SnO/Ep40oUuS5KFbRAu+KIEhs0koSwgXxtT9ro+7BXT9sjC2nYFwEKtvFlMFEOIsBhFTk1zWpQjk79lngO+bNlpmBIuAcGhWr5Eju9nYqUaaf+QuK7oPUI+UPLK3biolg30cfk3U9N/IEUqHjZXHm2QKp3/jof1paa2Xs9twK/YetMpwvS0yshSDVIqMrVckx2foZn9hbfn06hcr6/JuxmV6ZG3Loci1H0CrXhT5T69IK2UDTYdIVqrVcVXOH9SpYZz2WRsJLavkrAfarSLFZsOoYsvYYPkKmN7YnKQFJSgPBzntaUmYpKRe2jXkwGDZBMCtQYOsmVHTwaI3nDAde7n6cad/DqTJO22XKV3EOsfbWFQ57GSX8evhR9N7nGYMs0JZ8dhNYa0rypV4+Us9Krlyi5tTjx9P56UGX5B4cfvkJfMPnojxbSEpxXR4OLjIQwy2WYfj5tzLhqXzD/1MktvRgEkjS1QmGN22k5Iw== bts@dawid
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaXAvmExdcog1ZnNBgjR6Zd8G/VJamG2S5BU5lhpmk+iu7hRs29tPi1j1vjy1Sky5aDbh1AXM0W1ClvkNfx0QiJzlJWyDzd6bEh985tI3O1++uYiPJa8P9Iz+EMQuaXhfLgAMIZNZUWIRpctHqL2M+LPlgh/+sj5i+N0oELmIoSBVLY1XyO6Iid4J+aKBCht4xmtr/iGhyGb09xBvpvbVs96Fe4v+Yo1U/Wjbbj88Mb2qZ+00J0tANUHqiDwBTt6vBq3gQLjvZTEezd+VWj23nAr/9Z7ta3Vw5B1y+Q4XOJgPsYl59kaeHuestvuH2jSfgJ5DfhcrjaWvM8oFpi27HN1A020WKlt94wDH/F6qucnGGj2w8KN8Y7WKmhZ23tlelzhl38rMaJOQ8d92Pg+vQOQpBf1dkWyZ1K3bTTZ41tahIGvwGJ3qtez20FW31emWLo5dTBQXdn+FTvesUpbUyq9rxBbDNcnCgOSj1yUPP2BCjBOc0fSaYikwpTSCy5o8XlWvVbpRnPAhqTSoL9LUIKUzX3QtCRM7Vws/XKxhIK+ZXKUn3HxihHdC5uKv+JVQEc5yUbPgyjdZFIwAXC76mpOjDZGZiZbSVYVVRD6M8bIqekb/uhVsH5DXtO+54k9yEUladHg9fXSYzwXz2ehAkSWJzMrwYgp8Q7swpasLaPQ== bts@phone
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEu4B0qHRZ8mm+1TisJ5WmVmniBHkKDOcHvXG2J8gmV1Qe0wtNC0epgM1ekAfMVqoirAc6KllJn76nT0KbzcoQMQOnCPCmqPMQFC4p0uY4pI2GR5WbujrZzSro0RUOjxskPQtPHsq8ppreIlUMRAZd7GDvR1Y7kIjnfEcf99Y+nc2LhcNN9xGn7aOt8sW5EcgAHsq4pvTAw7J7+FMNQN1HQbZoC1F1pY/I8OJd3HpnwSnNlkZG9WD+kc4RNPQk/5RO5HlNYFsUQoooRBGCde3oIhsJgl07f/JolE2wio+Obsx11FD48enOGlq162p3USQQwgTTQaG9kKg/yiiqlmvwuUHBcOJ/zXlPYF72DlMw1UNLxHXV27x0LRpl9KISq1d/lgdRD6612iuYvRaqvxQG3E9ctgylJWKfxxUev5pPiQW5k/Wu0FGFFo3wMUzIZwpLezBAIK2j49u3Jh7+LCcl6Id4rHbFWW9nh1f7GtdGmtuoadEdE4lo5QSXFX58jXuZET4u90fHCqRlxCbzQxLgoXclcAUPmjJJr/HlR9qpGyQt/yNQbya8wTcm6MSjQprY92YpW22MHHxYpBgyx/j1fqno7qDig4QriRfOSSEgDr7KgwAfmO/Kg4ChFVppwe88bbFdAFfiEHTLRZFRIm3Oe+VZBIeq62lkNKKloKSXzQ== bts@maqabi
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDM13PTELuHUE/0mpHPUKQ/vl1SawYdjFjzpMymZ5Z5c/z3+/lSisYFqRx88hzfpiGdJG8gn4z8XlbpFZJz+onH/794m115hPHisOEskgmc2nSXktPDWf92Yxcy9NxM3jE2k2aAhsyKJmJ4X0+g0JGebSSjmEpneMQrT+M68GYJ6Gduk6t9SrQr1xvgUOm6/Vv55yvffzbiYHopZNdnG3J1iP1TsT9teglNmUHarRIH7q3q5jN4NVPwCMGbXjAvO+Q82b6xSnW2J6Sn8n51k5mDvsqHWCgjpF1UO3XrFn6IBxB+MPsZF58QkRI6AkLZmkdqIEUD5tiEMTFEo+xaxDk8rN+IdV2M4obwpefXdN08jOYcNmGjit41e/nSxnYOmJK47IPXaFn/XFSph2w7dJg00YGVkdj2JqaeoAg0GJGnF1PD1LWdUuOXnU/5dbXrzwy0FfAJVjJecItACaYEcg9R98RMKvBW6VOvQldGZ6VxrrrlrNBoG9ZzRmtNYHXz7AhR9x4HNEhUBAnzyQq7yQJ/5fP5L15I1LP6xQYCLnQyWgGjkyLgpDN7YnfHN2AfE+DwzYB8NgkiQ2JAgTPsxj2e0p2jGrS8QeH2Mqc8pPQkx093m687/u1f23wjwNiwe73PAfUz3kFkTTj/SXYVCHc8cQobjVpxLTV+tXm2r7Ne1w== bts@workhorse
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDWLMELTFGG+2SyiyCvr6rtLoEqk2KvloHoR33/4u2KVWDV2D8JHY8FFldY40n/Ek7lhD97v4tdUJwc4t9orRHangU6HeAnkh8eiJ1o+gqNBPMTxWn859IAK2eHQ811gglbSn3YyyuJk3IR6i43ZI4zy7fg0XN8ByOwscHPRrWs3oa7CmjvLQWgl3yKn7ehIsnhZHTQxFOdaG1wTkAiWgWPn92E+npS0pHvg5/6NYs6yRdK8ohLuxuIyzmCTI0rL8KvawpAO0wM9RRkosMheFgwhFOd7j3wWFLxTUEFeOBV/Qv0+77BkH2WGO5jCru/LSBcln/KtTmDFFIIVMjkRyjx87CwqP/TqbVlHCa0ey2uIQhdMVo8dRLqMYVWbxSoSwGtqctRXPfAA6rg5mcxWvJyUV7G1WLnuix11k8ErHsKQmTzhBwE2P5OgIWcrEygptUNykuy5o/ZlD7Uw+EZPeoqZ8z4wE+ECGqGCcuicviXjy6OPLH/+nIBjoqZaEdiQHSz/778xU9C361CKdRXBWVUUgB0yqE+TQOARefsWVTrMXC0/GnSWYipNRKn1GXN1H7ttHCgsym4a7iOguuMfsYzJ7BY1897xylfHrxhgduX62c4S1QJBfvlfMbgCn82myum5ZrS2Vep0Kl5tizgCNl2mqODdtQPpP+PgmBGHf4/hQ== root@guru.square-r00t.net
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz53DTICmBDfNUfhdnwQGUbFMGWhFBksAy1Vt6/2L7opdNqyxocIJT3qjlllpZA5Stb0frDnzNW3oe0yq6L9g4h7z4O8jaWgsqZeFzUqNJdsBJIpsmuZxA1PrWb5scxyhZz4JJpVoVDCU3bXesBPVA7OOeWL/pq43q55wwiVzV9A9JDI4wScwshyHrfwkaQJoLv9mRUuYfIghUbyi50B2cVAzna2TDjNFxk33V1PIFmWLoxlJHzrB36w9VoRL5geVeUmTvv+LOiKeOJ+LlWP+H6tu4hygdwpS+ktJ7I+RKOKD0KlqqQHeMGDIeXiXRFLoayp1jx4LnzEmaIKxPmwTdvytrNE9Ejr+SzCgNOaWZVA2CmYF/hvlrAsdZC3v8Gv6D18Au2gWIQUA1UAKe40xMtLNlOip9lE1x+Le4gkDTuGRr8pjv45ewzZnNoP6AymXToXlhvCSMDPMja/u/DEz0p7G28JnbLnGUZDX1xrrQLhZ8OtnwBZEoCeDxLsEmTWv/KVTrf/Sels2cCXT9n3xSSwNjTijeMuQ5afyQO2+XXEwxMbpQKAH/KoBt2Da1xRpq0CSsjYtCkddKdksipgwLVVXwFzib/IzxhNMdguMxLgz1bX1c9pzFJI6gA0CdwJrWqfq0SKzZZQJOBDrmhNJEUQcDT+QYBso+8CdcIZh5ew== root@g.rainwreck.com

extra/pre-build.d/root/packages.both

@@ -110,6 +110,7 @@ gst-libav
 gst-plugins-ugly
 hashcat
 hashdeep
+haveged
 hddtemp
 hdparm
 hexcurse
@@ -289,6 +290,7 @@ thttpd
 tmon
 tmux
 tre
+tree
 truecrack-git
 truecrypt
 tor

extra/pre-build.d/root/packages.both.FULL

@@ -0,0 +1,337 @@
+# Commented lines are supported (via a preceding # only).
+# Packages from the AUR can be specified.
+# We need to install all X drivers.
+abs
+acpi
+#acpidump
+#afflib
+aircrack-ng
+apr
+apr-util
+arj
+asciidoc
+atop
+autopsy
+autossh
+backuppc
+#bacula ## TODO: grab all the bacula packages in here
+beep
+bin86
+bind-tools
+binutils
+bluez-utils
+bonnie++ ## TODO: ugh. apacman has a new "regex mode"... that you can't disable. https://github.com/oshazard/apacman/issues/79
+boxbackup-client
+boxbackup-server
+bozocrack-git
+bridge-utils
+burp-backup-git
+btrfs-progs
+cabextract
+cdrtools
+cdw
+cfv
+chapcrack-git
+chntpw
+cifs-utils
+ckermit
+clamav
+clonezilla
+cmospwd
+colordiff
+cowpatty
+cpio
+cpuburn
+cpupower
+crackpkcs12
+cryptcat
+cryptsetup
+csync2
+customizepkg-scripting
+dar
+dcfldd
+ddrescue
+dd_rescue
+dd_rhelp
+debianutils
+debootstrap
+#dialog #giving a weird dependency issue
+diffutils
+djohn
+dmidecode
+dnssec-anchors
+dnstracer
+#dnsutils #replaced by bind-tools, https://www.archlinux.org/packages/extra/x86_64/bind-tools/
+dos2unix
+dropbear
+dstat
+dump
+dumpet
+duplicity
+dvd+rw-tools
+e2fsprogs
+easy-rsa
+ecryptfs-utils
+ed
+elfutils
+#elilo-efi
+elinks
+etc-update
+ethtool
+exfat-utils
+ext3grep
+extundelete
+f2fs-tools
+fang
+fbset
+fcgi
+fcgiwrap
+fcrackzip
+fdupes
+file
+findmyhash
+findutils
+firefox
+flac
+flashrom
+foremost
+fsarchiver
+fuse
+gd
+git
+gnu-efi-libs
+gnu-netcat
+gpart
+gparted
+gperftools
+gpm
+gptfdisk
+gst-libav
+gst-plugins-ugly
+hashcat
+hashdeep
+haveged
+hddtemp
+hdparm
+hexcurse
+hexedit
+hfsprogs
+hfsutils
+htop
+httping
+hwdetect
+hwinfo
+hydra
+idnkit
+ifenslave
+iftop
+inetutils
+iotop
+iozone
+ipcalc
+iperf
+iperf3
+ipsec-tools
+iptraf-ng
+ipython
+irssi
+iso-codes
+isomaster
+jasper
+jfsutils
+#john-mpi
+john
+keyutils
+kismet-allplugins
+lftp
+links
+#logkeys-git # requires a /dev/input, which apparently isn't included in the chroots
+lm_sensors
+lrzsz
+lshw
+#lsiutil # giving intermittent errors when trying to fetch source
+lsof
+lsscsi
+#lxde # apacman currently doesn't like package groups, so...
+gpicview
+lxappearance
+lxappearance-obconf
+lxde-common
+lxde-icon-theme
+lxdm
+lxinput
+lxlauncher
+lxmusic
+lxpanel
+lxrandr
+lxsession
+lxtask
+lxterminal
+openbox
+pcmanfm
+# end lxde
+lynx
+#lzip
+macchanger
+#magicrescue # no longer maintained, upstream down
+mbr
+mbuffer
+mcelog
+mdadm
+mdcrack
+# superseded by storcli
+#megaraid-cli
+memtester
+mfoc
+minicom
+#mondo # mindi-busybox fails to build 09.23.2016
+mtd-utils
+mtr
+mtree
+multipath-tools
+myrescue
+nbd
+ncftp
+ncompress
+ncrack
+net-snmp
+netselect
+nettle
+networkmanager-pptp
+nginx-devel
+ngrep
+nmap
+nmon
+ntfs-3g
+ntfsfixboot
+#nwipe #broken since they moved to github(?)
+nwipe-git
+obnam
+open-iscsi
+openipmi
+ophcrack
+os-prober
+p7zip
+pack
+par2cmdline
+partclone
+partclone-utils
+parted
+partimage
+pax-utils
+pciutils
+pcmciautils
+pdfcrack
+perf
+php
+php-fpm
+php-gd
+php-mcrypt
+phrasendrescher
+pigz
+pkgfile
+pkgtools
+ppp
+pptpclient
+procinfo-ng
+procps-ng
+progsreiserfs
+psmisc
+pwgen
+pixz
+pyrit
+python2-gnuplot
+python2-pyx
+rarcrack
+rcracki_mt
+rdiff-backup
+read-edid
+reaver-wps-fork-t6x-git
+rename
+rfkill
+rp-pppoe
+rpcbind
+rpmextract
+rp-pppoe
+rsnapshot
+rygel
+safecopy
+samba
+scalpel-git
+scapy
+screen
+scrounge-ntfs
+scrub
+scsiadd
+sdparm
+setserial
+sg3_utils
+sharutils
+sipcalc
+sipcrack
+smartmontools
+smbclient
+s-nail
+socat
+#star ## do people even USE tape backups anymore?
+storcli
+strace
+stress
+sucrack
+symlinks
+sysstat
+tcpdump
+tcpslice
+tcptraceroute
+testdisk
+tftp-hpa
+thin-provisioning-tools
+thttpd
+tmon
+tmux
+tre
+tree
+truecrack-git
+truecrypt
+tor
+udftools
+#udpcast
+unace
+unison
+unrar
+unshield
+unzip
+usb_modeswitch
+usbip
+usbutils
+vim-a
+vim-bufexplorer
+vim-indent-object
+vim-minibufexpl
+vim-nerdtree
+vim-syntastic
+vim-workspace
+vlc
+vncrack
+vnstat
+vpnc
+weplab
+#whdd #currently depends on dialog, which is broke as shit
+whois
+wifite-mod-pixiewps-git
+wipe
+wireshark-cli
+wpscrack
+wput
+x11vnc
+xfburn
+xfsdump
+xfsprogs
+xmlto
+xorg
+xorg-drivers
+xorg-xinit
+xterm
+zerofree
+zip
+zsh

extra/pre-build.d/root/packages.both.SMALL

@@ -0,0 +1,4 @@
+# Commented lines are supported (via a preceding # only).
+# Packages from the AUR can be specified.
+# We need to install all X drivers.
+mtree

extra/pre-build.d/x86_64/root/pre-build.arch.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+# Put any arch-specific tasks here. They will be run after /root/pre-build.sh.

extra/templates/VERSION_INFO.txt.j2

@@ -2,5 +2,5 @@ Version:        {{ bdisk['ver'] }}
 Build:          {{ build['buildnum'] }}
 Time:           {{ build['time'] }}
 Machine:        {{ hostname }} ({{ distro }})
-User:           {{ build['user'] }}{% if build['realuser'] is defined and build['realuser'] > 0 %} ({{ build['realuser'] }}){% endif %}
+User:           {{ build['user'] }}{% if build['realuser'] is defined and build['realuser']|length > 0 %} ({{ build['realuser'] }}){% endif %}
 

extra/templates/pre-build.d/root/VARS.txt.j2

@@ -0,0 +1,11 @@
+export DISTNAME='{{ bdisk['name']|upper }}'
+export UXNAME='{{ bdisk['name']|lower }}'
+export PNAME='{{ bdisk['name'] }}'
+export DISTPUB='{{ bdisk['dev'] }}'
+export DISTDESC='{{ bdisk['desc'] }}'
+export REGUSR='{{ user['username']|lower }}'
+export USERCOMMENT='{{ user['name'] }}'
+export REGUSR_PASS='{{ user['password'] }}'
+export ROOT_PASS='{{ bdisk['root_password'] }}'
+export SIGKEY='{{ mygpgkey }}'
+

overlay/etc/bash.bashrc

@@ -1,64 +0,0 @@
-#
-# /etc/bash.bashrc
-#
-
-# If not running interactively, don't do anything
-[[ $- != *i* ]] && return
-
-PS1='[\u@\h \W]\$ '
-PS2='> '
-PS3='> '
-PS4='+ '
-
-case ${TERM} in
-  xterm*|rxvt*|Eterm|aterm|kterm|gnome*)
-    PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
-
-    ;;
-  screen)
-    PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
-    ;;
-esac
-
-[ -r /usr/share/bash-completion/bash_completion   ] && . /usr/share/bash-completion/bash_completion
-
-alias vi='/usr/bin/vim'
-export EDITOR="vim"
-
-if [ -f ~/.bashrc ];
-then
- source ~/.bashrc
-fi 
-if [ -d ~/bin ];
-then
- export PATH="$PATH:~/bin"
-fi
-
-alias grep='grep --color'
-alias egrep='egrep --color'
-
-alias ls='ls --color=auto'
-PS1='[\u@\h \W]\$ '
-
-export HISTTIMEFORMAT="%F %T "
-export PATH="${PATH}:/sbin:/bin:/usr/sbin"
-
-DEFROUTEIF=$(ip route show | egrep '^default' | awk '{print $5}')
-
-echo
-echo "==================================="
-date
-if [ -n "${DEFROUTEIF}" ];
-then
- IPADDR=$(ip a s dev ${DEFROUTEIF} | egrep '^[[:space:]]*inet\ ' | awk '{print $2}' | cut -f1 -d"/")
- HWADDR=$(ip l show dev ${DEFROUTEIF} | egrep '^[[:space:]]*link' | awk '{print $2}')
- echo
- echo -n "${DEFROUTEIF} (${HWADDR}) is: ${IPADDR}"
-fi
-echo
-echo  -n "tun0 is: "
-ifconfig tun0 | grep inet | grep -v "inet6" | awk '{print $2}'
-echo
-echo "http://bdisk.square-r00t.net/"
-echo "==================================="
-echo

overlay/etc/lxdm/lxdm.conf

@@ -1,62 +0,0 @@
-[base]
-## uncomment and set autologin username to enable autologin
-#autologin=bdisk
-
-## uncomment and set timeout to enable timeout autologin,
-## the value should >=5
-# timeout=10
-
-## default session or desktop used when no systemwide config
-# session=/usr/bin/startlxde
-
-## uncomment and set to set numlock on your keyboard
-# numlock=0
-
-## set this if you don't want to put xauth file at ~/.Xauthority
-# xauth_path=/tmp
-
-# not ask password for users who have empty password
-# skip_password=1
-
-## greeter used to welcome the user
-greeter=/usr/lib/lxdm/lxdm-greeter-gtk
-
-[server]
-## arg used to start xserver, not fully function
-arg=/usr/bin/X -background vt1
-# uncomment this if you really want xserver listen to tcp
-# tcp_listen=1
-# uncoment this if you want reset the xserver after logou
-# reset=1
-
-[display]
-## gtk theme used by greeter
-gtk_theme=Clearlooks
-
-## background of the greeter
-# bg=/usr/share/backgrounds/default.png
-
-## if show bottom pane
-bottom_pane=1
-
-## if show language select control
-lang=1
-
-## if show keyboard layout select control
-keyboard=0
-
-## the theme of greeter
-theme=Industrial
-
-[input]
-
-[userlist]
-## if disable the user list control at greeter
-disable=0
-
-## whitelist user
-white=
-
-## blacklist user
-black=
-

overlay/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service

@@ -1 +0,0 @@
-/usr/lib/systemd/system/NetworkManager.service

overlay/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service

@@ -1 +0,0 @@
-/usr/lib/systemd/system/NetworkManager-dispatcher.service

overlay/etc/systemd/system/getty@tty1.service.d/autologin.conf

@@ -1,5 +0,0 @@
-#[Service]
-##Type=simple
-#Type=idle
-#ExecStart=
-#ExecStart=-/usr/bin/agetty --autologin bdisk --noclear %I 38400 linux

overlay/etc/systemd/system/multi-user.target.wants/NetworkManager.service

@@ -1 +0,0 @@
-/usr/lib/systemd/system/NetworkManager.service

overlay/etc/systemd/system/multi-user.target.wants/openvpn-client@client.service

@@ -1 +0,0 @@
-/usr/lib/systemd/system/openvpn-client@.service

overlay/etc/systemd/system/multi-user.target.wants/sshd.service

@@ -1 +0,0 @@
-/usr/lib/systemd/system/sshd.service

overlay/etc/vimrc

@@ -1,22 +0,0 @@
-" All system-wide defaults are set in $VIMRUNTIME/archlinux.vim (usually just
-" /usr/share/vim/vimfiles/archlinux.vim) and sourced by the call to :runtime
-" you can find below.  If you wish to change any of those settings, you should
-" do it in this file (/etc/vimrc), since archlinux.vim will be overwritten
-" everytime an upgrade of the vim packages is performed.  It is recommended to
-" make changes after sourcing archlinux.vim since it alters the value of the
-" 'compatible' option.
-
-" This line should not be removed as it ensures that various options are
-" properly set to work with the Vim-related packages.
-runtime! archlinux.vim
-
-" If you prefer the old-style vim functionalty, add 'runtime! vimrc_example.vim'
-" Or better yet, read /usr/share/vim/vim74/vimrc_example.vim or the vim manual
-" and configure vim to your own liking!
-
-set number
-syntax on
-set paste
-if has("autocmd")
-  au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
-endif